You are not in a GitHub repository.
Choose one from the pulldown, or Import or Publish one.
"); + alertError("You are not in a GitHub repository. Choose one from the pulldown, or Import or Publish one."); return null; } return 'https://github.com/' + toks[0] + '/' + toks[1]; @@ -701,7 +702,7 @@ async function importProjectFromGithub(githuburl:string, replaceURL:boolean) { }).catch( (e) => { setWaitDialog(false); console.log(e); - alertError("Could not import " + githuburl + ".
" + e); + alertError("Could not import " + githuburl + "." + e); }); } @@ -710,7 +711,7 @@ async function _loginToGithub(e) { gh.login().then(() => { alertInfo("You are signed in to Github."); }).catch( (e) => { - alertError("Could not sign in.
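Review bot: The new message in importProjectFromGithub's catch handler joins the sentence and the error text with no separator (`"." + e`), so the dialog will read "Could not import <url>.Error: …"; `alertError("Could not import " + githuburl + ". " + e);` keeps them apart. The same applies to `"Could not sign in." + e` in the _loginToGithub hunk. `githuburl` and the stringified error still reach alertError unmodified, so this is only safe if alertError renders its argument as text or sanitizes it, which these hunks do not show and is worth confirming. Both functions continue outside their hunks.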
" + e); + alertError("Could not sign in." + e); }); } @@ -809,13 +810,13 @@ function confirmCommit(sess) : PromiseAre you sure you want to delete this repository (" + ghurl + ") from browser storage?
All changes since last commit will be lost.
Type DELETE to proceed.
", (yes) => { + bootbox.prompt("
Are you sure you want to delete this repository (" + DOMPurify.sanitize(ghurl) + ") from browser storage?
All changes since last commit will be lost.
Type DELETE to proceed.
", (yes) => { if (yes.trim().toUpperCase() == "DELETE") { deleteRepository(); } @@ -976,7 +977,7 @@ function _downloadCassetteFile_apple2(e) { var blob = new Blob([audout], {type: "audio/wav"}); saveAs(blob, audpath); stdout += "Then connect your audio output to the cassette input, turn up the volume, and play the audio file."; - alertInfo('
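Review bot: `DOMPurify.sanitize(ghurl)` returns sanitized HTML rather than escaped text, so benign markup and entities in the value are still interpreted by the dialog and the string shown can differ from the repository URL the user is asked to confirm deleting. For values meant to be displayed literally, HTML-escaping them (or inserting them as text) is the tighter fix; the same holds for `fn` in _revertFile, _deleteFile and _renameFile, `type` in addFileToProject and `meta.label` in WaveformView. Separately, the callback calls `yes.trim()` unguarded, and bootbox passes null when a prompt is cancelled, so `if (yes && yes.trim().toUpperCase() == "DELETE")` avoids a TypeError on cancel. The enclosing function starts outside the hunk.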
'+stdout+''); + alertInfo(stdout); } }); } @@ -1008,7 +1009,7 @@ function _downloadCassetteFile_vcs(e) { let blob = new Blob([audout], {type: "audio/wav"}); saveAs(blob, audpath); stdout += "\nConnect your audio output to the SuperCharger input, turn up the volume, and play the audio file."; - alertInfo('
'+stdout+''); + alertInfo(stdout); } }); }); @@ -1037,7 +1038,7 @@ function _revertFile(e) { if (wnd && wnd.setText) { var fn = projectWindows.getActiveID(); $.get( "presets/"+getBasePlatform(platform_id)+"/"+fn, (text) => { - bootbox.confirm("Reset '" + fn + "' to default?", (ok) => { + bootbox.confirm("Reset '" + DOMPurify.sanitize(fn) + "' to default?", (ok) => { if (ok) { wnd.setText(text); } @@ -1056,7 +1057,7 @@ function _deleteFile(e) { var wnd = projectWindows.getActive(); if (wnd && wnd.getPath) { var fn = projectWindows.getActiveID(); - bootbox.confirm("Delete '" + fn + "'?", (ok) => { + bootbox.confirm("Delete '" + DOMPurify.sanitize(fn) + "'?", (ok) => { if (ok) { store.removeItem(fn).then( () => { // if we delete what is selected @@ -1080,7 +1081,7 @@ function _renameFile(e) { if (wnd && wnd.getPath && current_project.getFile(wnd.getPath())) { var fn = projectWindows.getActiveID(); bootbox.prompt({ - title: "Rename '" + fn + "' to?", + title: "Rename '" + DOMPurify.sanitize(fn) + "' to?", value: fn, callback: (newfn) => { var data = current_project.getFile(wnd.getPath()); @@ -1823,8 +1824,8 @@ function addFileToProject(type, ext, linefn) { var wnd = projectWindows.getActive(); if (wnd && wnd.insertText) { bootbox.prompt({ - title:"Add "+type+" File to Project", - value:"filename"+ext, + title:"Add "+DOMPurify.sanitize(type)+" File to Project", + value:"filename"+DOMPurify.sanitize(ext), callback:(filename:string) => { if (filename && filename.trim().length > 0) { if (!checkEnteredFilename(filename)) return; diff --git a/src/ide/waveform.ts b/src/ide/waveform.ts index 96da43cc..4f2fd628 100644 --- a/src/ide/waveform.ts +++ b/src/ide/waveform.ts @@ -1,6 +1,7 @@ import { Toolbar } from "./toolbar"; import { VirtualList } from "../common/vlist"; +import DOMPurify from "dompurify"; const BUILTIN_INPUT_PORTS = [ 'clk', 'reset', 
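Review bot: `stdout` in _downloadCassetteFile_vcs carries an explicit `\n` before "Connect your audio output…", and once the wrapper is dropped in `alertInfo(stdout)` that line break is only shown if alertInfo preserves whitespace, which is not visible in these hunks. If alertInfo renders its argument as HTML, the tool output also needs escaping inside alertInfo rather than at each call site. The same call was changed in _downloadCassetteFile_apple2. Both functions start outside their hunks.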
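Review bot: In addFileToProject, `value:"filename"+DOMPurify.sanitize(ext)` runs an HTML sanitizer over the prompt's pre-filled input value, which is presumably assigned as the input's value rather than parsed as HTML, so the call adds no protection and can alter the suggested name. `value:"filename"+ext` is enough there and matches _renameFile, which leaves `value: fn` raw. The input that needs validating is the name the user types, and that already goes through `checkEnteredFilename(filename)`. The function body continues outside the hunk.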
@@ -359,7 +360,7 @@ export class WaveformView {
 //min: 0,
 //max: meta.len-1,
 //placeholder: rangestr,
- title: `Enter new value for "${meta.label}" (${rangestr}):`,
+ title: `Enter new value for "${DOMPurify.sanitize(meta.label)}" (${rangestr}):`,
 callback: (result) => {
 if (result != null) {
 var value = parseInt(result);